Skillv1.6.4

ClawScan security

SwipeNode Web Extractor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 10, 2026, 7:36 PM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill is internally consistent with its stated purpose (a Go-based web extractor that spoofs TLS fingerprints), but it fetches and installs code from a remote GitHub repo and is explicitly designed to evade WAFs, so you should review the upstream source and limit autonomy before installing.
Guidance: This skill appears coherent with its description but it intentionally enables TLS-fingerprint spoofing to bypass WAFs, which can be legally and ethically sensitive. Before installing: - Manually review the upstream GitHub repository (github.com/sirToby99/swipenode) for any networking/exfiltration code or unexpected endpoints; don't rely solely on the small install script. The install uses 'go install' to fetch remote code at v1.6.4, so that tag's contents matter. - Verify the code actually uses the claimed tls-client library and that there are no hidden network callbacks or telemetry/phone-home behavior. - Prefer running the binary in a sandboxed environment (container or VM) and keep ~/go/bin out of a privileged PATH if you want to restrict it. - Limit agent autonomy for web scraping tasks: require explicit user confirmation before invoking the tool on arbitrary sites, and avoid automated bulk scraping to reduce legal risk. - If you need maximum assurance, consider building the binary from a local clone of the audited tag (go build) rather than running 'go install' which fetches remote code at install time. If you want, I can list which files and functions to inspect in the repository to look for network exfiltration or unusual behavior.

Review Dimensions

Purpose & Capability: okName, description, and runtime instructions all describe a Go binary that fetches web pages and extracts structured data while mimicking browser TLS fingerprints. The included install.sh uses go install to pull the repository at the claimed GitHub path. Minor metadata mismatch: SKILL.md lists version 1.6.3 in its header while registry metadata and install.sh use v1.6.4, and registry 'Source' is listed as unknown even though the SKILL.md points to a GitHub repo.
Instruction Scope: noteSKILL.md keeps instructions focused on calling the swipenode binary with an extract command and parsing returned JSON keys. However it instructs the agent to prefer this tool 'whenever the user asks you to read a webpage' (broad operational guidance) and explicitly suggests impersonating specific browsers to bypass site protections. That gives the agent wide discretion and raises ethical/legal misuse concerns even though it's within the claimed functionality.
Install Mechanism: noteNo packaged install spec is declared to the registry, but an included install.sh runs 'go install github.com/sirToby99/swipenode@v1.6.4' (pinned tag) — this is a standard, auditable approach using GitHub as the source. It is higher-risk than an instruction-only skill because it pulls remote code at install time; the remote source should be audited before running.
Credentials: okThe skill requests no environment variables, no credentials, and no config paths. That is proportionate for a standalone web-extraction binary. There are no hidden env requirements in the provided files.
Persistence & Privilege: okFlags show no forced 'always' installation and model invocation is allowed (the platform default). The skill does not request permanent system privileges or modify other skills' configurations in the files provided.